[Pkg-mediawiki-devel] Bug#655694: mediawiki: cache poison vulnerability

Jonathan Wiltshire jmw at debian.org
Fri Jan 13 09:38:45 UTC 2012

Package: mediawiki
Version: 1:1.15.5
Severity: important
Tags: security

CVE-2012-0046 describes a cache poison vulnerability.

Roan Kattouw discovered an issue with the API, where prop=revisions would
expose deleted text to unprivileged users through cache pollution.


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mediawiki depends on:
ii  apache2                      2.2.21-5
ii  apache2-mpm-prefork [httpd]  2.2.21-5
ii  debconf [debconf-2.0]        1.5.41
ii  mime-support                 3.51-1
ii  php5               
ii  php5-mysql         
ii  php5-pgsql         
ii  php5-sqlite        

Versions of packages mediawiki recommends:
ii  mysql-server                     5.1.58-1
ii  mysql-server-5.1 [mysql-server]  5.1.58-1
ii  php5-cli               

Versions of packages mediawiki suggests:
ii  clamav          0.97.3+dfsg-2
ii  imagemagick     8:
ii  mediawiki-math  <none>
ii  memcached       <none>
ii  php5-gd

-- Configuration Files:
/etc/mediawiki/apache.conf changed [not included]

-- debconf information excluded
